Hi,

I have an Ubuntu VPN server with strongSwan.

I only use pre-shared key (PSK) auth.

It works perfectly when I connect from the macOS built-in VPN client, but fails when trying to enable the modem RUTX11 VPN client:

I get this error:

expected a virtual IP request, sending FAILED_CP_REQUIRED

 charon: 09[IKE] traffic selectors 192.168.1.0/24 === 192.168.1.0/24 inacceptable

 charon: 09[IKE] failed to establish CHILD_SA, keeping IKE_SA

Here is my very simple strongSwan conf:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=%any
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    authby=secret

And /etc/ipsec.secrets:

: PSK "mypassword"

How can I make the VPN connection from my home modem RUTX11 to my Ubuntu server work?

Thank you

Errors on the server in /var/log/syslog:

expected a virtual IP request, sending FAILED_CP_REQUIRED

charon: 09[IKE] traffic selectors 192.168.1.0/24 === 192.168.1.0/24 inacceptable

3 Answers

0 votes

Hello,

Can you send me a Troubleshoot file via private message? You can find it by going to: SYSTEM>ADMINISTRATION>TROUBLESHOOT.

+1 vote

Hello,

Add custom option to RUTX11:

leftsourceip=%config
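
The mismatch behind "expected a virtual IP request, sending FAILED_CP_REQUIRED", as an added example that is not part of the thread: the server's rightsourceip pool makes it expect a virtual IP request, which the initiator only sends when leftsourceip is set. The initiator conn name "to-server" and the host vpn.example.com are constructed assumptions.

```python
# Added example. Limitation: "also=" and "conn %default" are not resolved.
def parse_conns(text):
    """Parse ipsec.conf text into {conn_name: {option: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():  # section header starts at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def virtual_ip_findings(responder, initiator):
    """Compare the responder's address pool with the initiator's request."""
    pool = responder.get("rightsourceip")
    request = initiator.get("leftsourceip")
    if pool and not request:
        return [f"responder assigns virtual IPs (rightsourceip={pool}) but the "
                "initiator requests none: expect FAILED_CP_REQUIRED; add "
                "leftsourceip=%config on the initiator"]
    if request and not pool:
        return [f"initiator requests a virtual IP (leftsourceip={request}) but "
                "the responder conn has no rightsourceip pool to serve it"]
    return []

# Relevant lines of the server conn posted in the question.
SERVER_CONF = """
conn ikev2-vpn
    leftsubnet=0.0.0.0/0
    rightsourceip=10.10.10.0/24
"""
# Constructed initiator conn; its name and "right" value are assumptions.
CLIENT_BEFORE = """
conn to-server
    right=vpn.example.com
    authby=secret
"""
CLIENT_AFTER = CLIENT_BEFORE + "    leftsourceip=%config\n"

def check(server_text, client_text):
    server = next(iter(parse_conns(server_text).values()))
    client = next(iter(parse_conns(client_text).values()))
    return virtual_ip_findings(server, client)

if __name__ == "__main__":
    print("before:", check(SERVER_CONF, CLIENT_BEFORE) or "ok")
    print("after: ", check(SERVER_CONF, CLIENT_AFTER) or "ok")
```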

0 votes

leftsourceip=%config

and a firmware update helped me to establish the link to my server.

Now I see a connection up, but my IP is still my ISP IP address and not the VPN server address, so I doubt my traffic is going through my VPN.

Any idea?